General
Target: 5de1c7ab2a83edc8ae757ba8d7f62adb.exe
Size: 1.4MB
Sample: 210119-7a7naz3r8j
MD5: 5de1c7ab2a83edc8ae757ba8d7f62adb
SHA1: 30d1ff434b659916eaf8c37fea1190b91aa650ce
SHA256: e7b1ad88e518117bed32f9ff14ae294d579826cee660c49cb58d48d59133a523
SHA512: a82c885923d028381148e21f673a38399fe8ca1072049e114088e02bedc3b8e17ba16dcc053f793ce7c01bdc305580236ec7f4249d2dd8279f46f3117be72982
Static task: static1
Behavioral task: behavioral1
Sample: 5de1c7ab2a83edc8ae757ba8d7f62adb.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 5de1c7ab2a83edc8ae757ba8d7f62adb.exe
Resource: win10v20201028
Malware Config
Extracted
remcos
grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006
Targets
Target: 5de1c7ab2a83edc8ae757ba8d7f62adb.exe
Score: 10/10
Executes dropped EXE
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext